Extracting Entries from the last 31 Days from /var/adm/sulog

HP-UX SAs:

Could some one please give me some ideas? I need to extract some information for SOX Audit puposes from /var/adm/sulog file. I need to pick a particular user's "su" activities from this file, for the last 31 days. What is the best way to go about?

Re: Extracting Entries from the last 31 Days from /var/adm/sulog

Hi Kennedy:

This should meet your needs. For simplicity, granularity is to whole days (without regard to hours and minutes). The year of the activity is assumed to be the current year, since the 'sulog' doesn't record a date with a year.

Re: Extracting Entries from the last 31 Days from /var/adm/sulog

>IF both these exist then my report may turn out to be inaccurate.

Yes, you will get both. You could search for both this and the previous month. Then "simply" remove the everything up to the current month. Assuming you actually had activity in the previous and current months.